Tencent Security Xuanwu Lab Daily News
• CVE-2021-44832 – Apache Log4j 2.17.0 Arbitrary Code Execution via JDBCAppender DataSource Element | Checkmarx.com:
https://checkmarx.com/blog/cve-2021-44832-apache-log4j-2-17-0-arbitrary-code-execution-via-jdbcappender-datasource-element/
・ Apache Log4j 2.17.0 JDBCAppender CVE-2021-44832 arbitrary code execution vulnerability
– Jett
• hmgle/graftcp:
https://github.com/hmgle/graftcp
・ Redirects a specified process's TCP connections to a SOCKS5 or HTTP proxy
– Jett
• [Attack] A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard – Check Point Research:
https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/
・ Check Point's analysis of the APT31 DoubleFeature module
– Jett
• Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons:
https://isc.sans.edu/diary/rss/28180
・ Attackers abuse MSBuild to evade detection and deliver Cobalt Strike
– Jett
• In-depth analysis of the CVE-2021-30853 vulnerability (translation):
https://tttang.com/archive/1388/
・ In-depth analysis of the CVE-2021-30853 vulnerability (translation)
– lanying37
• 2021: Looking back on the year in malware and cyber attacks, from SolarWinds to Log4j:
http://blog.talosintelligence.com/2021/12/2021-looking-back-on-year-in-malware.html
・ Talos's review of 2021's malware, cyber attacks, and major vulnerabilities
– Jett
• Winning the Impossible Race – An Unintended Solution for Includer’s Revenge / Counter (hxp 2021):
https://lewin.co.il/winning-the-impossible-race-an-unintended-solution-for-includers-revenge-counter-hxp-2021/
・ Exploitation of a PHP LFI vulnerability from the hxp CTF competition
– Jett
• Lab M10. Integer Arithmetic Part 1: High-speed Multiplication and Division:
http://www.c-jump.com/CIS77/MLabs/M10arithmetic/lecture.html
・ Lab M10. Integer Arithmetic Part 1: High-speed Multiplication and Division.
– lanying37
• [macOS, iOS] Slides/Batch_find_macO_iOS_kernel_info_leak.pdf at main · maldiohead/Slides:
https://github.com/maldiohead/Slides/blob/main/Batch_find_macO_iOS_kernel_info_leak.pdf
・ A talk given a couple of years ago by researcher maldiohead on hunting macOS/iOS kernel information leak vulnerabilities
– Jett
• [Attack] Garrett Walk-Through Metal Detectors Can Be Hacked Remotely:
https://thehackernews.com/2021/12/garrett-walk-through-metal-detectors.html
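・ Security researchers recently found multiple security vulnerabilities in the network component of Garrett metal detectors; these vulnerabilities pose a security threat to user data.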
– lanying37
• Mystique:
http://paper.seebug.org/1801/
・ Research on the Mystique vulnerability.
– lanying37
• Assume Role Logic:
https://hackingthe.cloud/aws/general-knowledge/assume_role_logic/
・ Hacking The Cloud – AWS cloud environment security testing tutorial
– Jett
• Using DTA to Illuminate the Path of DNS Threat Analysis (1):
https://blog.netlab.360.com/use_dta_to_illuminate_the_path_of_dns_threat_analysis_1/
・ Using DTA to Illuminate the Path of DNS Threat Analysis (1)
– lanying37
• Fuzzing of the TEE driver:
https://github.com/pjlantz/optee-qemu
・ CVE-2021-44733: Fuzzing and exploitation of a use-after-free in the Linux kernel TEE subsystem
– Jett
• Introduction:
https://0xinfection.github.io/reversing/
・ Reverse Engineering For Everyone!
– Jett
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (12-29)